
SOC Maturity Assessment

Updated over 5 months ago

Service Overview

With the ever-changing cyber landscape, organizations have come to accept that cyber incidents cannot be entirely prevented. As a result, they are increasingly focused on enhancing their monitoring and response capabilities. Many have established Security Operations Centers (SOC) equipped with centralized log event management systems (SIEM) to detect anomalies across infrastructure and services and to respond effectively.

As a critical function managing large volumes of data and complex tasks, the SOC must be regularly evaluated and optimized to ensure threats are being adequately monitored. CYE’s SIEM/SOC Maturity Assessment provides a holistic, multi-layered analysis of the SOC’s components - including people, technologies, services, and procedures - and delivers both short- and long-term recommendations. This assessment helps organizations identify weaknesses, assess their SOC’s maturity level, and ensure efficient use of resources to reduce exposure and risk.

The following SOC and SIEM elements are assessed:

  • Governance

  • Availability

  • People

  • Processes and procedures

  • Detection capabilities

  • Services and integrations

  • Business involvement

  • Physical facilities


Methodology

The assessment evaluates the SOC from a multi-layered perspective. It aims to identify potential weaknesses that could result in exposure, misuse, or inefficient use of resources.

The assessment is executed in two phases, each designed to examine a different part of the SOC:

  • Processes and Technology Stack Review
    A white-box review of the SOC's governance, policies, procedures, and current technology stack, including the SIEM solution and incident management systems. This phase is based on interviews and includes examining the systems mentioned above.

  • Purple Team Exercise
    A practical evaluation of the SOC team's skills and proficiency. The assessment team generates alert scenarios in the SIEM environment and observes the SOC's ability to detect and respond, comparing actions taken to the expected outcome.
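As an added illustration of the purple team comparison described above (example code, not CYE's own tooling), the following scores each injected scenario against its expected outcome: whether the SIEM alerted, how quickly, and whether the SOC took the actions the playbook calls for. Scenario names, the 15-minute detection SLA and all timings are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from statistics import mean

@dataclass
class Scenario:
    name: str
    injected_at: datetime                 # when the assessment team triggered the scenario
    expected_actions: set[str]            # response steps the playbook says should follow
    alert_at: datetime | None = None      # when the SIEM raised an alert; None = never detected
    observed_actions: set[str] = field(default_factory=set)  # what the SOC actually did

    @property
    def detected(self) -> bool:
        return self.alert_at is not None

    @property
    def time_to_detect(self) -> timedelta | None:
        return self.alert_at - self.injected_at if self.detected else None

    @property
    def missed_actions(self) -> set[str]:
        return self.expected_actions - self.observed_actions

def evaluate(scenarios: list[Scenario], detect_sla: timedelta = timedelta(minutes=15)) -> dict:
    """Compare observed detection/response to expected outcome across all scenarios."""
    detected = [s for s in scenarios if s.detected]
    within_sla = [s for s in detected if s.time_to_detect <= detect_sla]
    complete = [s for s in detected if not s.missed_actions]
    n = len(scenarios)
    return {
        "detection_rate": len(detected) / n,
        "sla_rate": len(within_sla) / n,
        "response_rate": len(complete) / n,
        "mttd_minutes": mean(s.time_to_detect.total_seconds() / 60 for s in detected) if detected else None,
        # per-scenario gaps feed the recommendations: missed detections and skipped playbook steps
        "gaps": {s.name: ("not detected" if not s.detected else sorted(s.missed_actions))
                 for s in scenarios if not s.detected or s.missed_actions},
    }

# Constructed exercise log: three scenarios with different outcomes (assumed, not real data)
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [
    Scenario("failed logon burst", T0, {"triage", "lock account", "notify IR"},
             alert_at=T0 + timedelta(minutes=5), observed_actions={"triage", "lock account", "notify IR"}),
    Scenario("new local admin created", T0 + timedelta(hours=1), {"triage", "verify with IT"},
             alert_at=T0 + timedelta(hours=1, minutes=40), observed_actions={"triage"}),
    Scenario("unexpected outbound connection from test endpoint", T0 + timedelta(hours=2),
             {"triage", "isolate endpoint"}),  # no alert was ever raised
]

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```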


Deliverables

  • A comprehensive analysis of the SOC posture, highlighting identified gaps and providing actionable recommendations

  • A SOC maturity score


Prerequisites

  • Designated point of contact

  • API read-only access to the SIEM solution

  • Read-only access to the SIEM admin portal

  • Two standard endpoints in the organization’s network and two standard user accounts with local admin rights for purple team activity

  • Relevant documentation (e.g., SOC playbooks, relevant procedures, SOC personnel training syllabus)


Customer Engagement

Availability of the following stakeholders is required for online sessions and interviews:

  • SOC engineers

  • SOC manager

  • Chief Information Security Officer (CISO)

  • Security operations manager

  • IT stakeholders

  • Incident response team


Relevant Standards

  • NIST Cybersecurity Framework

  • MITRE


Security Domains Covered

The following NIST CSF functions will be addressed and revised depending on the results of the assessment:

  • Detect

  • Respond
